Tom Ridge, former Homeland Security secretary and Pennsylvania governor, had a blunt message for guests gathered recently in the packed ballroom at The Westin Cleveland Downtown.

“We are at war folks,” he said. “You have a lot of information and other people would like to have it and commercialize it and monetize it. You may not believe that, but you do.”

Ridge was the keynote speaker Oct. 12 at MCPc’s BusinessTECH’17, a gathering of IT experts, compliance and risk directors, lawyers, chief financial officers and other digital thought leaders, organized by Cleveland-based MCPc, a national secure technology services and solutions provider. (For more coverage, go HERE.) The one-day forum drew more than 500 executives and business partners to listen, learn and share information about technology advances, challenges and issues — from diversity to the Internet of Things — faced by today’s leading-edge organizations.

The first U.S. secretary for Homeland Security, appointed in the wake of the Sept. 11 terror attacks, Ridge is currently chairman of Ridge Global, a risk management and security consulting firm he founded to help address the threat of corporate cyber breaches. He said the same qualities that make the internet a powerful tool for business — “it’s open, it’s ubiquitous, it’s cross-border” — also make it an inexpensive gateway for cyber criminals, particularly those tucked away in nation states. And, the ROI on a successful breach event is “pretty good.”

Ridge outlined several steps companies can take to manage the risk. Chief among them is changing the conventional mindset about cyber security.

Too many organizations today, he said, still consider digital security a drag on the bottom line and make its oversight the responsibility of the CIO. Given the cost to correct a breach and the potential negative impact, such as bad publicity, organizations must consider cyber security an investment — not an expense — that protects the company and its shareholders, he said.

“The cyber risk creates some very serious financial risks. I think Equifax value went down double digits, billions of dollars lost in the stock market,” Ridge said. “It’s an enterprise-wide responsibility, and the leadership needs to start from the top.”